Total: 1844 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7575 | 1 Telerik | 1 Ui For Wpf | 2024-10-03 | N/A | 9.8 CRITICAL |
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
CVE-2024-8405 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-10-03 | N/A | 5.5 MEDIUM |
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. | |||||
CVE-2024-43693 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
CVE-2024-7679 | 1 Telerik | 1 Ui For Wpf | 2024-10-01 | N/A | 7.8 HIGH |
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
CVE-2024-45066 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 9.8 CRITICAL |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | |||||
CVE-2024-45989 | | | 2024-09-30 | N/A | 4.0 MEDIUM |
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server. | |||||
CVE-2024-47177 | | | 2024-09-30 | N/A | 9.0 CRITICAL |
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution. | |||||
CVE-2023-47563 | 1 Qnap | 1 Video Station | 2024-09-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later. | |||||
CVE-2024-42025 | 1 Ui | 1 Unifi Network Application | 2024-09-28 | N/A | 7.8 HIGH |
A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | |||||
CVE-2024-45682 | 1 Millbeck | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-09-27 | N/A | 9.8 CRITICAL |
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |||||
CVE-2024-0005 | 1 Purestorage | 2 Purity//fa, Purity//fb | 2024-09-27 | N/A | 8.8 HIGH |
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | |||||
CVE-2024-42505 | | | 2024-09-26 | N/A | 9.8 CRITICAL |
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
CVE-2024-42506 | | | 2024-09-26 | N/A | 9.8 CRITICAL |
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
CVE-2024-42507 | | | 2024-09-26 | N/A | 9.8 CRITICAL |
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
CVE-2023-36103 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-09-24 | N/A | 9.8 CRITICAL |
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | |||||
CVE-2024-33508 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2024-09-20 | N/A | 7.3 HIGH |
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | |||||
CVE-2024-46048 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | N/A | 9.8 CRITICAL |
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | |||||
CVE-2024-38228 | 1 Microsoft | 1 Sharepoint Server | 2024-09-17 | N/A | 7.2 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
CVE-2024-38227 | 1 Microsoft | 1 Sharepoint Server | 2024-09-17 | N/A | 7.2 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
CVE-2024-7029 | 1 Avtech | 2 Avm1203, Avm1203 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
Commands can be injected over the network and executed without authentication. |